Skip to main content
Home

The Tor Project

Enter the terms you wish to search for.

Main menu

  • About Tor
  • Donate

FOCI Workshop (Baltimore)

August 14, 2018

Free and Open Communications on the Internet:

https://www.usenix.org/conference/foci18

Upcoming Events

February 23, 2019
Tor Meetup (Lisbon)
March 23, 2019 - March 24, 2019
LibrePlanet (Boston)
March 24, 2019 - March 27, 2019
KNOW 2019 (Vegas)
April 01, 2019 - April 05, 2019
Internet Freedom Festival (Valencia)
June 11, 2019 - June 14, 2019
RightsCon (Tunis)
See All Upcoming Events

Recent Updates

New Releases: Tor 0.4.0.2-alpha, 0.3.5.8, 0.3.4.11, and 0.3.3.12

by nickm | February 21, 2019

There are new source code releases available for download. If you build Tor from source, you can download the source code for 0.4.0.2-alpha and 0.3.5.8 from the download page. You can find 0.3.4.11 and 0.3.3.12 at dist.torproject.org. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely in the same timeframe.

These releases all fix TROVE-2019-001, a possible security bug involving the KIST cell scheduler code in versions 0.3.2.1-alpha and later. We are not certain that it is possible to exploit this bug in the wild, but out of an abundance of caution, we recommend that all affected users upgrade once packages are available. The potential impact is a remote denial-of-service attack against clients or relays.

Also note: 0.3.3.12 is the last anticipated release in the 0.3.3.x series; that series will become unsupported next week. The remaining supported stable series will 0.2.9.x (long-term support until 2020), 0.3.4.x (supported until June), and 0.3.5.x (long-term support until 2022).

Below are the changes in Tor 0.3.5.8 and in 0.4.0.2-alpha. You can also read the changelog for 0.3.4.11 and the changelog for 0.3.3.12.

Changes in version 0.3.5.8 - 2019-02-21

Tor 0.3.5.8 backports serveral fixes from later releases, including fixes for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x releases.

It also includes a fix for a medium-severity security bug affecting Tor 0.3.2.1-alpha and later. All Tor instances running an affected release should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.

  • Major bugfixes (cell scheduler, KIST, security):
    • Make KIST consider the outbuf length when computing what it can put in the outbuf. Previously, KIST acted as though the outbuf were empty, which could lead to the outbuf becoming too full. It is possible that an attacker could exploit this bug to cause a Tor client or relay to run out of memory and crash. Fixes bug 29168; bugfix on 0.3.2.1-alpha. This issue is also being tracked as TROVE-2019-001 and CVE-2019-8955.
  • Major bugfixes (networking, backport from 0.4.0.2-alpha):
    • Gracefully handle empty username/password fields in SOCKS5 username/password auth messsage and allow SOCKS5 handshake to continue. Previously, we had rejected these handshakes, breaking certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.

 

New Release: OnionShare 2

by micah | February 20, 2019

The original version of this post can be found on Micah Lee's blog.

New Release: Tor Browser 8.5a8

by boklm | February 15, 2019

Tor Browser 8.5a8 is now available from the Tor Browser Project page and also from our

New Release: Tor Browser 8.0.6

by boklm | February 12, 2019

Tor Browser 8.0.6 is now available from the Tor Browser Project page and also from our

© 2019 The Tor Project

Footer

  • The Tor Project
  • RSS
  • Donate